Bypassing kernel patch protection runtime
☆22 · Feb 19, 2023 · Updated 3 years ago
Alternatives and similar repositories for PatchGuardResearch
Users that are interested in PatchGuardResearch are comparing it to the libraries listed below
- An advanced DKOM for drivers with "DRIVER_OBJECT" ☆22 · Feb 19, 2023 · Updated 3 years ago
- ☆43 · Apr 18, 2023 · Updated 2 years ago
- Walks the process's VAD list to grab the PTEs corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2. ☆21 · May 25, 2021 · Updated 4 years ago
- Demo to show how to write an ALPC client and server using native Ntdll.dll syscalls. ☆21 · Jan 25, 2022 · Updated 4 years ago
- A simple C++ driver base with KD data block ☆11 · Jun 25, 2022 · Updated 3 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI ☆84 · Dec 21, 2022 · Updated 3 years ago
- What makes it page ☆17 · Aug 24, 2022 · Updated 3 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book. ☆20 · Jul 31, 2019 · Updated 6 years ago
- Rootkit and anti-rootkit on Windows platform ☆14 · Apr 30, 2024 · Updated last year
- Hooking Heavens Gate in a weekend ☆13 · Jan 1, 2022 · Updated 4 years ago
- An example code of CiGetCertPublisherName ☆17 · Mar 24, 2022 · Updated 3 years ago
- ☆17 · Apr 18, 2023 · Updated 2 years ago
- Runtime SMM module loader ☆35 · Jan 12, 2023 · Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation ☆159 · Apr 13, 2023 · Updated 2 years ago
- x64 Windows implementation of virtual-address to physical-address translation ☆47 · Jun 3, 2021 · Updated 4 years ago
- Dangling COM Keys Finder ☆17 · Nov 16, 2021 · Updated 4 years ago
- Decoder for VMProtect hwids ☆18 · Aug 1, 2022 · Updated 3 years ago
- Illustrates the concept of return address spoofing, and how it is used. ☆14 · May 13, 2020 · Updated 5 years ago
- PAGE_GUARD based hooking library ☆52 · Jul 25, 2022 · Updated 3 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver ☆71 · Apr 9, 2023 · Updated 2 years ago
- Bypass Windows defender syscall ☆18 · Jul 17, 2021 · Updated 4 years ago
- ☆16 · Jun 20, 2022 · Updated 3 years ago
- Bypassing PatchGuard on modern x64 systems ☆265 · Apr 9, 2023 · Updated 2 years ago
- Hook KeyboardClassServiceCallback to prevent messing up the system ☆26 · Nov 14, 2023 · Updated 2 years ago
- Just proof of concept. Hooking MmCopyMemory PG safe. ☆82 · Nov 13, 2023 · Updated 2 years ago
- Hijack NotifyRoutine for a kernelmode thread ☆41 · Jun 4, 2022 · Updated 3 years ago
- Windows Kernel Programming Experiments ☆84 · Sep 18, 2022 · Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer) ☆234 · Apr 2, 2022 · Updated 3 years ago
- I stole this from some guy's private repo on github ☆58 · Jul 11, 2021 · Updated 4 years ago
- Simple x86 Trampoline Hook ☆44 · Aug 3, 2022 · Updated 3 years ago
- ☆158 · May 21, 2024 · Updated last year
- ☆23 · Jul 24, 2023 · Updated 2 years ago
- HackSysExtremeVulnerableDriver exploits for latest Windows 10 version ☆26 · Jan 13, 2026 · Updated last month
- A wrapper around Windows, calls explicitly the lowest possible calls ☆14 · Jan 19, 2023 · Updated 3 years ago
- Detect hypervisor with NMI callback ☆42 · Sep 25, 2022 · Updated 3 years ago
- C Header Only Library for Virii ☆11 · Nov 17, 2020 · Updated 5 years ago
- Sample for creating a new kernel object type and supporting API ☆27 · Sep 7, 2024 · Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆240 · Nov 6, 2019 · Updated 6 years ago